Configuring SSH on a Cisco Switch and Testing Login
(1) Topology diagram
(2) Basic configuration
sw1:
hostname sw1
interface GigabitEthernet0/0
no switchport
ip address 10.12.6.6 255.255.0.0
negotiation auto
!
ip routing
ip route 0.0.0.0 0.0.0.0 10.12.12.254
sw2:
hostname sw2
!
interface GigabitEthernet0/0
no switchport
ip address 10.12.6.7 255.255.0.0
negotiation auto
!
ip route 0.0.0.0 0.0.0.0 10.12.12.254
(3) SSH configuration
Switch(config)#hostname sw1
sw1(config)#
sw1(config)#enable password cisco
sw1(config)#username cisco password cisco
sw1(config)#crypto key generate ?
ec Generate EC keys for ECDSA
rsa Generate RSA keys
sw1(config)#crypto key generate rsa
% Please define a domain-name first.
sw1(config)#ip domain-name zh-cjh.com
sw1(config)#
sw1(config)#crypto key generate rsa //use RSA encryption
The name for the keys will be: sw1.zh-cjh.com
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024 //enter the key length
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)
sw1(config)#
*Aug 12 23:02:46.523: %SSH-5-ENABLED: SSH 1.99 has been enabled
sw1(config)
line vty 0 #allows only one user to be online at a time
sw1(config)#line vty 0 4
sw1(config-line)#login local #authenticate against the local usernames
sw1(config-line)#privilege level 15
sw1(config-line)#transport input all
sw1(config-line)#logging synchronous
sw1(config-line)#exec-timeout 0 0
line vty 0 4
login local
privilege level 15
transport input all
logging synchronous
exec-timeout 0 0
sw1#show ip ssh #if the device recognizes this command, it supports SSH
SSH Enabled - version 1.99
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): sw1.zh-cjh.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCvqNH31oV/95bgDRYIOG2lLSfHzhIgH7GKwgpYD4fL
vlK21YdYmkrcXHN0KgN0Ql+T506MIItq7fOV+LEVTRxGLwB96At+JSMxBd+LbWZHb2+ZVsXt+0KHJWFX
07HevfS6kMi/RuoUVFVpJe1RBxSx1E1acVaRk6dynbXChncmaQ==
sw1#
(4) Testing
Log in to sw1 from sw2 over SSH:
sw2#ssh -l cisco 10.12.6.6
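Log in to sw1 over SSH from the cmd prompt on Windows 10.
By default, both SSH1 and SSH2 clients can connect:
Change the configuration so that only SSH2 connections are allowed: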
sw1#show ssh
Connection Version Encryption State Username
1 1.5 3DES Session started cisco
Connection Version Mode Encryption Hmac State Username
0 2.0 IN aes256-ctr hmac-sha1 Session started cisco
0 2.0 OUT aes256-ctr hmac-sha1 Session started cisco
sw1#
sw1#conf t
sw1(config)#ip ssh version ?
2 Protocol Version to be supported
sw1(config)#ip ssh version 2
sw1(config)#end
sw1#show ssh
Connection Version Encryption State Username
1 1.5 3DES Session started cisco
Connection Version Mode Encryption Hmac State Username
0 2.0 IN aes256-ctr hmac-sha1 Session started cisco
0 2.0 OUT aes256-ctr hmac-sha1 Session started cisco
sw1#
sw1#
Testing shows that a connection using SSH1 now fails:
The client has disconnected from the server. Reason:
Protocol version mismatch. Required protocol version is 1.3 - 1.99. Received version was 2.0.
To allow all versions again, simply remove ip ssh version 2:
sw1(config)#no ip ssh version 2
See who is connected (a session also appears here before its password has been entered successfully):
sw1#systat
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 cisco idle 00:00:37 172.16.1.85
Interface User Mode Idle Peer Address
sw1#
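The lab configuration above keeps several settings that are normally tightened before production use: SSH 1.99 (SSH1 clients accepted), `transport input all`, `exec-timeout 0 0`, `password` instead of `secret`, and a 1024-bit RSA key. The following Python check is an added example, not part of the original article; it scans pasted configuration or session text for those settings. The rule names, the 2048-bit threshold and the 10-minute timeout are assumptions chosen for illustration.

```python
import re

# Constructed sample: lines copied from the lab session and outputs shown above.
LAB = """\
sw1(config)#enable password cisco
sw1(config)#username cisco password cisco
% Generating 1024 bit RSA keys, keys will be non-exportable...
sw1(config-line)#transport input all
sw1(config-line)#exec-timeout 0 0
SSH Enabled - version 1.99
"""

PROMPT = re.compile(r"^[\w.-]+(\([\w-]+\))?#\s*")  # e.g. "sw1(config-line)#"

# (finding id, pattern matched at line start, extra test on the match, remediation command)
# Assumptions: 2048 bits as the minimum modulus, 10 minutes as the idle timeout.
RULES = [
    ("ssh-v1-accepted", r"SSH Enabled - version 1\.", None, "ip ssh version 2"),
    ("vty-allows-telnet", r"transport input (all|.*\btelnet\b)", None, "transport input ssh"),
    ("vty-no-idle-timeout", r"exec-timeout 0 0\b", None, "exec-timeout 10 0"),
    ("enable-password", r"enable password ", None, "enable secret <placeholder>"),
    ("user-password", r"username \S+ password ", None, "username <name> secret <placeholder>"),
    ("rsa-key-too-short", r"% Generating (\d+) bit RSA keys",
     lambda m: int(m.group(1)) < 2048, "crypto key generate rsa modulus 2048"),
]


def audit(text):
    """Return (finding id, offending line, remediation) for each weak setting found."""
    findings = []
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())  # accept both running-config and session lines
        for rule_id, pattern, extra, fix in RULES:
            m = re.match(pattern, line)
            if m and (extra is None or extra(m)):
                findings.append((rule_id, line, fix))
    return findings


if __name__ == "__main__":
    for rule_id, line, fix in audit(LAB):
        print(f"{rule_id:22} {line!r} -> {fix}")
```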
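Most of the screenshots in this site's articles come from a lab test environment; do not casually copy them in a production environment, to avoid disastrous consequences.
When reposting, please keep the source: www.zh-cjh.com Zhuhai Chen Jianhao Blog » Configuring SSH on a Cisco Switch and Testing Login
Author: cjh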